Benchmark: 3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI
Description
Cryptography can be employed to support many security solutions including the protection of controlled unclassified information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Cryptographic standards include FIPS-validated cryptography and/or NSA-approved cryptography.
Usage
Browse dashboards and select 3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.nist_800_171_rev_2_3_13_11
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_compliance.benchmark.nist_800_171_rev_2_3_13_11
Controls
- API Gateway stage cache encryption at rest should be enabled
- CloudTrail trail logs should be encrypted with KMS CMK
- DynamoDB table should be encrypted with AWS KMS
- Attached EBS volumes should have encryption enabled
- EFS file system encryption at rest should be enabled
- ELB application load balancers should redirect HTTP requests to HTTPS
- ELB classic load balancers should use SSL certificates
- ES domain encryption at rest should be enabled
- Log group encryption at rest should be enabled
- OpenSearch domains should have encryption at rest enabled
- RDS DB instance encryption at rest should be enabled
- Redshift cluster encryption in transit should be enabled
- Redshift cluster audit logging and encryption should be enabled
- S3 bucket default encryption should be enabled
- S3 buckets should enforce SSL
- SageMaker endpoint configuration encryption should be enabled
- SageMaker notebook instance encryption should be enabled
- SNS topics should be encrypted at rest